Privacy Policy (GDPR)
At cloudless.site, we minimize data collection by design. We are engineers, not advertisers. This policy outlines how we process your data.
1. Server Location (EU)
Our infrastructure is physically hosted in the European Union. We do not transfer personal data outside the EEA.
2. Cookies and Local Storage
We do not use third-party tracking cookies or analytics pixels.
If you use our Web Dashboard, we use strict HttpOnly Cookies for dashboard authentication to prevent XSS token theft. No persistent identifiers are stored in Local Storage.
3. Information We Collect
Connectivity Logs: We log incoming client IP addresses and high-level control-plane actions for security auditing and abuse prevention (Legitimate Interest). In our SQLite database this is stored as action_log entries: ts, actor_fp, client_ip, action, target, details.
SSH Identity: We store your public key's fingerprint (SHA256) to associate your user identity with your registered domains.
Email Address: When registering a domain, we may collect your email address strictly for functional purposes (sending verification tokens or critical service alerts). We do not use it for marketing.
Tunneled Traffic: Cloudless does not inspect, analyze, or store the content of tunneled network traffic. The dataplane forwards encrypted streams without application-level inspection.
4. Private Keys and Security
We never store or see your SSH private keys. The SSH protocol guarantees they never leave your device.
Sensitive connection data, such as per-session digital signatures or handshake secrets, resides strictly in volatile memory (RAM) and is wiped upon disconnection.
5. Data Retention
Action/security logs are retained for a limited period (default 30 days, configurable by the service operator) and are automatically pruned to reduce data exposure. Domain registration data persists as long as you maintain the service.
6. User Rights (GDPR)
Under GDPR, you have the right to access, rectify, or erase your data.
Right to Access: You can view your stored data (domains, scripts, session info) using CLI commands like ssh ls@cloudless.site, ssh info@cloudless.site <domain> and ssh list@cloudless.site, or via the Dashboard.
Right to Erasure ("Right to be Forgotten"): You can release domains using ssh release@cloudless.site <domain>. Operational logs are pruned by retention policy; for additional deletion requests, contact support (subject to security and legal obligations).
7. Contact
For privacy inquiries or to exercise your rights, email us at support@cloudless.site.
You also have the right to lodge a complaint with your local Data Protection Authority.